codeql

mirror of https://github.com/github/codeql.git synced 2026-01-15 15:34:49 +01:00

Author	SHA1	Message	Date
Asger Feldthaus	5548606f21	JS: Add test	2020-06-12 13:02:33 +01:00
Asger Feldthaus	4795b87daa	JS: Add model of Micro	2020-06-12 12:45:11 +01:00
Asger Feldthaus	230f78afb6	JS: Step through path.{format, parse}	2020-06-12 12:26:45 +01:00
Erik Krogh Kristensen	86b23b239e	Merge pull request #3656 from erik-krogh/destruct-yargs JS: support rest-patterns inside property patterns	2020-06-12 10:57:24 +02:00
Esben Sparre Andreasen	1bdae109c5	Merge pull request #3686 from esbena/js/insecure-http-options JS: add query js/disabling-certificate-validation	2020-06-12 08:40:12 +02:00
semmle-qlci	5c2f1169d0	Merge pull request #3679 from asger-semmle/js/dom-value-ref-restriction Approved by erik-krogh, esbena	2020-06-12 07:39:26 +01:00
Esben Sparre Andreasen	243e3ad9e3	Merge pull request #3672 from esbena/js/server-crashing-route-handler JS: add initial version of ServerCrash.ql	2020-06-12 08:38:37 +02:00
Erik Krogh Kristensen	065cb04202	make PropNode private again	2020-06-11 23:19:03 +02:00
Erik Krogh Kristensen	ef72c03ca9	use simpler taint-step for DestructingPattern	2020-06-11 23:16:46 +02:00
Esben Sparre Andreasen	169c8909df	formatting	2020-06-11 13:28:26 +02:00
Esben Sparre Andreasen	bc7f02156b	JS: replace class with two predicates (and improve alert message)	2020-06-11 13:20:46 +02:00
Esben Sparre Andreasen	2e059376fd	JS: add query js/disabling-certificate-validation	2020-06-11 12:32:01 +02:00
Asger Feldthaus	4bb2e8b637	JS: Update test externs and include array indices	2020-06-11 09:53:55 +01:00
Esben Sparre Andreasen	d6ae905eac	JS: remove speculative property access sink from js/server-crash	2020-06-10 21:40:12 +02:00
Asger Feldthaus	f23c6030aa	JS: Restrict domValueRef to known DOM property names	2020-06-10 15:14:23 +01:00
Asger Feldthaus	bb2b7fb6fb	JS: Add test with class stored in global variable	2020-06-10 15:14:23 +01:00
semmle-qlci	df79f2adc5	Merge pull request #3655 from asger-semmle/js/string-ops-regexp-test-fix Approved by esbena	2020-06-10 13:35:22 +01:00
Esben Sparre Andreasen	1d396524a3	JS: add initial version of ServerCrash.ql	2020-06-10 14:25:56 +02:00
Erik Krogh Kristensen	733e04c1eb	Move rest-pattern inside property-pattern step to a taint-step	2020-06-10 09:02:22 +02:00
Erik Krogh Kristensen	b8a9ac39f4	add lValueFlowStep for rest-pattern nested inside a property-pattern (and removed old incorrect approach)	2020-06-09 18:16:00 +02:00
Erik Krogh Kristensen	b6e0e6645f	Merge pull request #3645 from erik-krogh/infExposure JS: add query to detect accidential leak of private files	2020-06-09 17:38:31 +02:00
Erik Krogh Kristensen	b510e470b1	support rest-patterns inside property patterns	2020-06-09 13:28:56 +02:00
Erik Krogh Kristensen	b04d7015ae	fix test	2020-06-09 11:23:46 +02:00
Asger Feldthaus	0345036420	JS: Fix 'match' call in StringOps::RegExpTest	2020-06-09 10:07:36 +01:00
Erik Krogh Kristensen	c2fbcea96f	base the chaining on yargs on the methods that are NOT chained	2020-06-09 10:22:25 +02:00
Erik Krogh Kristensen	167239e745	add query to detect accidential leak of private files	2020-06-08 23:41:14 +02:00
Erik Krogh Kristensen	0f06f04e32	extend support for yargs for js/indirect-command-line-injection	2020-06-08 16:45:09 +02:00
semmle-qlci	ff6936caa7	Merge pull request #3625 from erik-krogh/CVE714 Approved by asgerf	2020-06-05 12:21:10 +01:00
semmle-qlci	69a1e11c06	Merge pull request #3609 from erik-krogh/CredFN Approved by asgerf, esbena	2020-06-05 10:49:01 +01:00
Erik Krogh Kristensen	82cf53897f	TypeOfCheck -> TypeOfUndefinedSanitizer Co-authored-by: Asger F <asgerf@github.com>	2020-06-05 11:35:39 +02:00
Erik Krogh Kristensen	05d7be8e23	autoformat	2020-06-05 09:59:45 +02:00
Erik Krogh Kristensen	96ca4cf7eb	add missing quote	2020-06-04 19:45:24 +00:00
Erik Krogh Kristensen	815671f5d0	add sanitizer guard for typeof undefined	2020-06-04 21:32:26 +02:00
Max Schaefer	9549b01e3c	JavaScript: Turn on experimental language features for two tests. All other tests already pass with experimental features turned on, so once this is merged we can do so by default.	2020-06-04 11:27:31 +01:00
semmle-qlci	70131e6ac8	Merge pull request #3598 from asger-semmle/js/regexp-test Approved by esbena	2020-06-04 09:05:21 +01:00
Erik Krogh Kristensen	a90c8769ee	update expected output	2020-06-03 15:24:04 +02:00
Erik Krogh Kristensen	7c26efbc12	case insensitive authorization header	2020-06-03 15:23:51 +02:00
Erik Krogh Kristensen	b508ad41c8	don't have a separate `fetch` module	2020-06-03 15:20:06 +02:00
Erik Krogh Kristensen	46cd0143d8	Update javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll Co-authored-by: Asger F <asgerf@github.com>	2020-06-03 15:18:10 +02:00
Erik Krogh Kristensen	28a1900612	treat all writes to Authorization as a CredentialsExpr	2020-06-03 13:55:49 +02:00
Erik Krogh Kristensen	6466ab19a0	Update javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-06-03 13:51:04 +02:00
Erik Krogh Kristensen	f8caec76ab	move the Fetch module to ClientRequests	2020-06-03 13:37:34 +02:00
Erik Krogh Kristensen	aa463d8298	mention fetch instead of node-fetch	2020-06-03 13:33:43 +02:00
Erik Krogh Kristensen	1b53cd4bd9	update docstring of FetchAuthorization Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-06-03 13:31:16 +02:00
Erik Krogh Kristensen	a1940979ba	support credentials in a Buffer	2020-06-03 12:02:00 +02:00
Erik Krogh Kristensen	ba44ebe8a8	better support for browser based fetch API	2020-06-03 11:51:24 +02:00
Erik Krogh Kristensen	3622fb8716	support more variants of the Headers API	2020-06-03 11:50:10 +02:00
Erik Krogh Kristensen	3c802007a3	add support for string concatenations and base64-encoding of hardcoded credentials	2020-06-02 23:15:13 +02:00
Erik Krogh Kristensen	b6dc94fccb	add fetch.Headers.Authorization as a CredentialsExpr	2020-06-02 23:02:16 +02:00
Erik Krogh Kristensen	14f0d1687a	factor fetch import into NodeJSLib	2020-06-02 22:45:47 +02:00

1 2 3 4 5 ...

3378 Commits